Microsoft this week announced boosted customer security with a new feature in Office 2013: the ability to block risky macros.
The new functionality is Microsoft’s response to the growing trend of macro-abusing malware assaulting users worldwide and is meant to render corporate networks safer from such threats. Enterprise administrators can now block Office 2013 users from running macros in documents that originated from the Internet.
Earlier this year, the Redmond-based tech giant introduced the functionality in Office 2016 to prevent malicious macros from compromising computers in specific scenarios, and now it made it available for more of its customers.
The same as in Office 2016, enterprise admins can enable the option for Word, Excel, and PowerPoint. Control over this feature is available via the respective application’s Group Policy Administrative Templates for Office 2013.
The functionality is meant to work in Office 2013 exactly the same as in Office 2016, Microsoft says. Thus, organizations have the option to selectively scope macro use to a set of trusted workflows, while also being able to block users from enabling macros in scenarios that are considered high risk. Courtesy of a different and stricter notification, users will be able to more easily distinguish between high-risk situations and normal workflow.
The feature is meant to address the issue of risky macros in documents downloaded from websites or cloud storage services such as OneDrive, Google Drive, and Dropbox. Macros in documents received as attachments in emails from outside sources, as well as those opened from file-sharing services are also targeted.
Macros have recently reemerged as a popular malware distribution method after being nearly extinct for almost a decade, when Microsoft decided to turn them off by default in Office. Now, cybercriminals use various social engineering tactics to trick users into enabling macros in malicious documents.
Researchers observed threat groups abusing macros to deliver malware, but this delivery method is mostly used to infect computers with ransomware or banking Trojans. Recently, researchers discovered that attackers create macro-enabled documents and then rename them by changing their extension, so that detection systems wouldn’t block their delivery.
